PARTNER CONSULTANT - Manual Penetration Testing using OWASP checklists

Position: Application Security (Individual Contributor Role).

Experience: 5-8 Years.

Location: Bangalore

Employment Type: Full-time.

Role Overview: We are seeking an experienced Security Assessor (Individual Contributor) with strong hands-on expertise in Web, Mobile, and API security, source code review and intermediate-level cloud security capabilities and good knowledge of network security. The ideal candidate will also have a solid understanding of the banking domain, business risks, and risk assessment methodologies.

This role requires independently conducting security assessments, identifying vulnerabilities, working with business teams and providing remediation guidance with minimal supervision.

Key Responsibilities

Security Assessments:

• Perform Web Application Security Testing based on OWASP Top 10, SANS, and industry standards.
• Conduct Mobile Application Security Testing (Android/iOS).
• Evaluate API Security for REST, SOAP, GraphQL, and microservices.
  
  

Secure Code Review

• Conduct manual and automated source code reviews across multiple languages and frameworks.
• Provide detailed remediation guidance to development teams.
  
  

Cloud Security

• Perform intermediate cloud security reviews (AWS/Azure/GCP).
• Identify misconfigurations and assess cloud-native security risks.
  
  

Network Security

• Conduct basic network security assessments and configuration reviews.
  
  

Risk Assessment & Governance

• Apply strong understanding of banking domain risks, regulatory expectations, and security controls.
• Map technical findings to business impact, ensuring accurate risk interpretation.
• Perform risk assessment and vulnerability risk rating using industry-standard frameworks (CVSS, OWASP risk rating, custom client risk models, etc.).
• Support secure design discussions and provide guidance during architecture reviews.
  
  

Reporting & Collaboration

• Prepare clear and comprehensive reports with risk ratings and remediation steps.
• Collaborate with developers, DevOps, infrastructure, and architecture teams to close vulnerabilities.
• Support integration of security controls into SDLC/DevSecOps pipelines.
  
  

Required Skills & Expertise

• Strong hands-on experience in Web, Mobile and API Security Testing.
• Proficiency in manual and automated source code reviews.
• Intermediate-level understanding of cloud security (AWS, Azure, GCP).
• Basic understanding of network security.
• Strong knowledge of banking processes, application workflows, and business risks.
• Ability to translate technical vulnerabilities into business impact.
• Familiarity with risk assessment frameworks and vulnerability rating mechanisms.
• Proficiency with security tools such as Burp Suite, MobSF, Postman, Checkmarx, Fortify, SonarQube, OWASP ZAP, etc.
• Excellent analytical, documentation, and communication skills.
• Ability to operate independently as an Individual Contributor in a fast-paced environment.
  
  

Preferred Qualifications

• Certifications such as OSCP, OSWE, OSEP, CEH, eWPTX, eMAPT, CISA, CCSK, AWS/Azure Security, or relevant security credentials.
• Exposure to DevSecOps pipelines, CI/CD, container security.
  
  

Web Application Security Testing,Mobile Security,Thick Client,Source Code Review,Cloud Security,Container Security,Network Security,Manual Penetration Testing using OWASP checklists,Penetration Testing,API Security